Age Commit message [Author]
2020-01-22 upstream: factor out parsing of allowed-signers lines [djm@openbsd.org]
OpenBSD-Commit-ID: 85ee6aeff608371826019ea85e55bfa87f79d06e
2020-01-22 unbreak fuzzer support for recent ssh-sk.h changes [Damien Miller]
2020-01-22 upstream: expose the number of currently-authenticating connections [djm@openbsd.org]
along with the MaxStartups limit in the proctitle; suggestion from Philipp Marek, w/ feedback from Craig Miskell ok dtucker@ OpenBSD-Commit-ID: a4a6db2dc1641a5df8eddf7d6652176e359dffb3
2020-01-22 upstream: document the default value of the ControlPersist option; [naddy@openbsd.org]
ok dtucker@ djm@ OpenBSD-Commit-ID: 0788e7f2b5a9d4e36d3d2ab378f73329320fef66
2020-01-22 remove accidental change in f8c11461 [Damien Miller]
2020-01-21 upstream: don't #ifdef out the KRL code when compiling without [djm@openbsd.org]
libcrypto support; it works just fine and disabling it breaks a few tests. ok dtucker@ OpenBSD-Commit-ID: 65f6272c4241eb4b04de78b012fe98b2b555ad44
2020-01-21 upstream: pass SSH_SK_HELPER explicitly past $SUDO to avoid it getting [djm@openbsd.org]
cleared; with dtucker@ OpenBSD-Regress-ID: 03178a0580324bf0dff28f7eac6c3edbc5407f8e
2020-01-21 upstream: check access(ssh-sk-helper, X_OK) to provide friendly [djm@openbsd.org]
error message for misconfigured helper paths OpenBSD-Commit-ID: 061bcc262155d12e726305c91394ac0aaf1f8341
2020-01-21 upstream: Document sntrup4591761x25519-sha512@tinyssh.org. Patch [dtucker@openbsd.org]
from jtesta@positronsecurity.com via github PR#151. OpenBSD-Commit-ID: f3d48168623045c258245c340a5a2af7dbb74edc
2020-01-21 upstream: fix ssh-keygen not displaying authenticator touch [djm@openbsd.org]
prompt; reported by jmc@ OpenBSD-Commit-ID: 04d4f582fc194eb3897ebcbfe286c49958ba2859
2020-01-21 upstream: a little more verbosity in sign_and_send_pubkey() debug [djm@openbsd.org]
messages OpenBSD-Commit-ID: 6da47a0e6373f6683006f49bc2a516d197655508
2020-01-21 upstream: one more replacement "(security) key" -> "(FIDO [naddy@openbsd.org]
authenticator" OpenBSD-Commit-ID: 031bca03c1d1f878ab929facd561911f1bc68dfd
2020-01-21 upstream: undo merge error and replace the term "security key" [naddy@openbsd.org]
again OpenBSD-Commit-ID: 341749062c089cc360a7877e9ee3a887aecde395
2020-01-21 upstream: Document loading of resident keys from a FIDO [naddy@openbsd.org]
authenticator. * Rename -O to -K to keep "-O option" available. * Document -K. * Trim usage() message down to synopsis, like all other commands. ok markus@ OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a
2020-01-21 upstream: sync ssh-keygen.1 and ssh-keygen's usage() with each [naddy@openbsd.org]
other and reality ok markus@ OpenBSD-Commit-ID: cdf64454f2c3604c25977c944e5b6262a3bcce92
2020-01-21 upstream: revise the fix for reversed arguments on [naddy@openbsd.org]
expand_proxy_command() Always put 'host' before 'host_arg' for consistency. ok markus@ djm@ OpenBSD-Commit-ID: 1ba5b25472779f1b1957295fcc6907bb961472a3
2020-01-21 upstream: pass the log-on-stderr flag and log level through to [djm@openbsd.org]
ssh-sk-helper, making debugging a bit easier. ok markus@ OpenBSD-Commit-ID: 2e7aea6bf5770d3f38b7c7bba891069256c5a49a
2020-01-21 Wrap copy_environment_blacklist() in #ifdef [Damien Miller]
It's only needed for USE_PAM or HAVE_CYGWIN cases and will cause compiler warnings otherwise.
2020-01-21 depend [Damien Miller]
2020-01-21 Fix missing prototype warning for copy_environment [Ruben Kerkhof]
This function is only used in this file, and only on Cygwin, so make it static and hide it behind HAVE_CYGWIN. Prevents missing prototype warning.
2020-01-21 configure.ac: fix ldns test [Ruben Kerkhof]
When running ./configure --with-ldns, if ldns-config cannot be found, we add -Iyes/include to CPPFLAGS and -Lyes/lib to LDFLAGS. Fix that.
2020-01-21 Make sshpam_password_change_required static. [Ruben Kerkhof]
sshpam_password_change_required is only used in auth-pam.c, so make it static to prevent a missing prototype warning.
2020-01-21 sandbox-darwin.c: fix missing prototypes. [Ruben Kerkhof]
Include the right header just like the other sandbox files. Fixes missing prototype warnings for ssh_sandbox_* functions.
2020-01-20 Fix a few warnings when on Mac OS X. [Ruben Kerkhof]
Include stdlib.h for calloc, malloc, free and setenv.
2020-01-20 Fix building without openssl. [Ruben Kerkhof]
This fixes the following when there are no openssl headers on the system: ssh-ecdsa-sk.c:34:10: fatal error: 'openssl/bn.h' file not found
2020-01-16 Add config.log to .gitignore [Ruben Kerkhof]
2020-01-16 Fix typo in README.md, s/crytpo/crypto/ [Ruben Kerkhof]
2020-01-15 Wrap stdint.h in ifdef HAVE_STDINT_H. [Darren Tucker]
2020-01-14 Wrap stdint.h inside HAVE_STDINT_H. [Darren Tucker]
2020-01-14 Include compat header for definitions. [Darren Tucker]
2020-01-14 Improve search for 'struct timespec'. [Darren Tucker]
Make struct timespec test consistent with existing timeval test. Include time.h for timespec in compat header where required.
2020-01-14 Update depend to remove rmd160.h. [Darren Tucker]
2020-01-14 Remove configure test & compat code for ripemd160. [Darren Tucker]
RIPEMD160 support was removed upstream in 2017, however we still had a configure test and compat code for it, so clean those up now.
2020-01-11 releasing package openssh version 1:8.1p1-5 [Colin Watson]
2020-01-11 Deny (non-fatal) ipc in preauth privsep child [Colin Watson]
Closes: #946242
2020-01-11 Deny (non-fatal) ipc in preauth privsep child. [Jeremy Drake]
As noted in openssh/openssh-portable#149, i386 does not have _NR_shmget etc. Instead, it has a single ipc syscall (see man 2 ipc, https://linux.die.net/man/2/ipc). Add this syscall, if present, to the list of syscalls that seccomp will deny non-fatally. Bug-Debian: https://bugs.debian.org/946242 Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=30f704ebc0e9e32b3d12f5d9e8c1b705fdde2c89 Last-Update: 2020-01-11 Patch-Name: sandbox-seccomp-ipc.patch
2020-01-11 seccomp: Allow clock_nanosleep() and variants [Colin Watson]
2020-01-11 seccomp: Allow clock_gettime64() in sandbox. [Khem Raj]
This helps sshd accept connections on mips platforms with upcoming glibc ( 2.31 ) Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=b110cefdfbf5a20f49b774a55062d6ded2fb6e22 Last-Update: 2020-01-11 Patch-Name: sandbox-seccomp-clock_gettime64.patch
2020-01-11 Allow clock_nanosleep_time64 in seccomp sandbox. [Darren Tucker]
Needed on Linux ARM. bz#3100, patch from jjelen@redhat.com. Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=5af6fd5461bb709304e6979c8b7856c7af921c9e Last-Update: 2020-01-11 Patch-Name: sandbox-seccomp-clock_nanosleep_time64.patch
2020-01-11 seccomp: Allow clock_nanosleep() in sandbox. [Darren Tucker]
seccomp: Allow clock_nanosleep() to make OpenSSH working with latest glibc. Patch from Jakub Jelen <jjelen@redhat.com> via bz #3093. Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=b1c82f4b8adf3f42476d8a1f292df33fb7aa1a56 Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=546274a6f89489d2e6be8a8b62f2bb63c87a61fd Last-Update: 2020-01-11 Patch-Name: sandbox-seccomp-clock_nanosleep.patch
2020-01-09 releasing package openssh version 1:8.1p1-4 [Colin Watson]
2020-01-09 Stop using 2020 as a future date in regress tests [Colin Watson]
2020-01-09 upstream: what bozo decided to use 2020 as a future date in a regress [djm@openbsd.org]
test? OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=ff31f15773ee173502eec4d7861ec56f26bba381 Last-Update: 2020-01-09 Patch-Name: regress-2020.patch
2020-01-09 upstream: fix reversed arguments on expand_proxy_command(); spotted [djm@openbsd.org]
by anton@ OpenBSD-Commit-ID: db1c32478a01dfbc9c4db171de0f25907bea5775
2020-01-09 upstream: put the fido options in a list, and tidy up the text a [jmc@openbsd.org]
little; ok djm OpenBSD-Commit-ID: 491ce15ae52a88b7a6a2b3b6708a14b4aacdeebb
2020-01-09 releasing package openssh version 1:8.1p1-3 [Colin Watson]
2020-01-09 Don't build openssh-tests on Ubuntu i386 [Steve Langasek]
Closes: #948466
2020-01-08 Deny (non-fatal) ipc in preauth privsep child. [Jeremy Drake]
As noted in openssh/openssh-portable#149, i386 does not have _NR_shmget etc. Instead, it has a single ipc syscall (see man 2 ipc, https://linux.die.net/man/2/ipc). Add this syscall, if present, to the list of syscalls that seccomp will deny non-fatally.
2020-01-08 seccomp: Allow clock_gettime64() in sandbox. [Khem Raj]
This helps sshd accept connections on mips platforms with upcoming glibc ( 2.31 )
2020-01-06 upstream: missing else in check_enroll_options() [djm@openbsd.org]
OpenBSD-Commit-ID: e058fb918fda56ddbbf0bee910101004cec421d4